Support for SARIF-based validation results #373

Open
wants to merge 13 commits into
base: develop

david-waltermire
Collaborator

@david-waltermire david-waltermire commented Jun 20, 2024

Committer Notes

This PR adds support for producing Static Analysis Results Interchange Format (SARIF) results based on schema and constraint validations.

To support these features, this PR adds:

  • Tracking of object parse locations
  • A new SarifValidationHandler that produces a SARIF file based on validation results
  • A -o option to CLI validation commands to generate a SARIF result at the provided location
  • Support for creating findings for both pass and fail results. The default behavior is to only produce fail results, but this can be overridden to also produce pass results. This allows the SARIF results to include both.

This PR builds on the following PRs, which should be merged before this PR.

All Submissions:

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?
  • Have you squashed any non-relevant commits and commit messages? [instructions]
  • Do all automated CI/CD checks pass?

Changes to Core Features:

  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your core changes, as applicable?
  • Have you included examples of how to use your new feature(s)?
  • Have you updated all [website](https://pages.nist.gov/metaschema) and readme documentation affected by the changes you made? Changes to the website can be made in the website/content directory of your branch.

david-waltermire and others added 12 commits May 28, 2024 14:20
…aces and to simplify and align implementations.
* Completed code to support Metapath array construction.
* Implemented array postfix and unary lookups.
* Cleaned up ISequence implementations, moving getFirstItem to be a method member. Added a utility function to convert a sequence into an array member.
* Added support for the following Metapath functions:
  - array:get
  - array:put
  - array:append
  - array:subarray
  - array:remove
  - array:insert-before
  - array:join
  - array:head
  - array:tail
  - array:reverse
  - array:flatten
* Fixed spotbugs null check warnings
* Cleaned up some Javadocs.
* Incorporated changes based on CodeRabbit review.
* normalized line endings
* Added initial implementation of the 'metaschema-cli metapath list-functions' command.
* Added a better means to collect the metaschema-related CLI commands for reuse.
… returns the root node when getValue is called.
- Support for map construction.
- Added support for maps in function call, postfix and unary lookups.
- Added support and unit tests for the following Metapath functions:
  - map:get
  - map:merge
  - map:entry
  - map:size
  - map:keys
  - map:contains
  - map:find
  - map:put
  - map:remove
- Added missing characteristics on a number of existing Metapath functions.
- Cleaned up a bunch of PMD warnings.
…function signatures now instead of the Java class name.
… use. Improved abstract CLI validation commands to provide more options for model detection.
@david-waltermire david-waltermire force-pushed the feature-metaschema-object-parse-locations branch from 62860ed to c72fe34 Compare June 20, 2024 21:08
@david-waltermire david-waltermire changed the title Support for SARIF-based vvalidation results Support for SARIF-based validation results Jun 20, 2024
@david-waltermire david-waltermire marked this pull request as ready for review June 20, 2024 23:24
@david-waltermire david-waltermire force-pushed the feature-metaschema-object-parse-locations branch 3 times, most recently from 6b44364 to cf9ddfe Compare June 21, 2024 03:41
@david-waltermire
Collaborator Author

This should be merged using "rebase and merge" to avoid merge conflicts in downstreams.

…d to distinguish provided model bindings.

- Added support for capturing parsed location information in bound objects. This will be useful for producing context for validation results.
- Fixed bugs causing the ordering of generated classes to be chaotic. Also fixed bugs causing binding configurations to match based on minor URI differences caused by inconsistent behavior between file and path URI productions.
- Updated Metaschema module binding to incorporate latest module changes.
- Added support for exposing parse locations in validation results.
- Added support for producing Static Analysis Results Interchange Format (SARIF) results based on schema and constraint validation results.
  - Added SARIF CLI output option to validate command.
  - Added support for including rules and artifact information in SARIF results. SARIF files now work on commonly available viewers.
  - Added constraint formal-name and description to SARIF output, allowing human readers to better understand why the result was produced.
  - Added a GUID to SARIF output for each rule.
- Adjusted constraint result production to allow for pass results to be produced, which supports producing SARIF results that include both pass and fail statuses using an API-level configuration.
- Added methods to handle making URIs relative to another URI.
- Ensured proper handling of Metapath errors during validation. Resolves usnistgov/oscal-cli#292
- Fixed compile and PMD warnings.
- Added some Javadocs.
@david-waltermire david-waltermire force-pushed the feature-metaschema-object-parse-locations branch from e8d5580 to 006858c Compare July 28, 2024 14:46
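
A sketch of how a CI step could consume a SARIF file that carries both pass and fail results, rule metadata (GUID, name, description) and parse locations, as the PR description and commit message above describe. This is an added example, not code from this PR or the project; the sample log is constructed to follow SARIF 2.1.0, and the rule ids, GUIDs, file name and the `_loc`, `summarize` and `gate` helpers are assumptions.

```python
import json

# Constructed sample in SARIF 2.1.0 shape, NOT output captured from the CLI.
# Rule ids, GUIDs, file names and messages are invented for illustration.
def _loc(uri, line, col):
    return [{"physicalLocation": {"artifactLocation": {"uri": uri},
                                  "region": {"startLine": line, "startColumn": col}}}]

SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-validator", "rules": [
        {"id": "constraint-1", "guid": "11111111-1111-4111-8111-111111111111",
         "name": "Unique identifier",
         "shortDescription": {"text": "Identifiers must be unique."}},
        {"id": "constraint-2", "guid": "22222222-2222-4222-8222-222222222222",
         "name": "Allowed values",
         "shortDescription": {"text": "Value must be in the allowed set."}}]}},
    "results": [
        {"ruleId": "constraint-1", "kind": "pass", "level": "none",
         "message": {"text": "constraint satisfied"},
         "locations": _loc("catalog.xml", 12, 5)},
        {"ruleId": "constraint-2", "kind": "fail", "level": "error",
         "message": {"text": "value 'foo' is not allowed"},
         "locations": _loc("catalog.xml", 40, 9)},
        # No kind, level or location: SARIF defaults to kind=fail, level=warning.
        {"ruleId": "constraint-2", "message": {"text": "value 'bar' is not allowed"}}]}]})

def summarize(sarif_text):
    """Return (result counts by kind, failing findings with rule and location)."""
    counts, failures = {}, []
    for run in json.loads(sarif_text).get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            kind = res.get("kind", "fail")
            counts[kind] = counts.get(kind, 0) + 1
            if kind != "fail":
                continue  # pass results are counted but never gate the build
            rule = rules.get(res.get("ruleId"), {})
            phys = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            region = phys.get("region", {})
            failures.append({
                "rule": res.get("ruleId"), "guid": rule.get("guid"),
                "name": rule.get("name"), "level": res.get("level", "warning"),
                "uri": phys.get("artifactLocation", {}).get("uri"),
                "line": region.get("startLine"),
                "message": res.get("message", {}).get("text")})
    return counts, failures

def gate(sarif_text, blocking=("error",)):
    """True when no failing result has a blocking level (suitable as a CI check)."""
    return not any(f["level"] in blocking for f in summarize(sarif_text)[1])
```

A consumer that treats every result as a finding would miscount once pass results are enabled, which is why the sketch filters on `kind` before looking at `level`.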